in controllers/util/solr_tls_util.go [210:253]
// VerifyKeystoreAndTruststoreSecretConfig checks the keystore secret named by
// tls.Options.PKCS12Secret and then the truststore configuration, returning the
// keystore secret on success.
//
// Side effects visible in this function:
//   - when RestartOnTLSSecretUpdate is set, tls.saveCertMd5 is called with the
//     keystore secret;
//   - tls.NeedsPkcs12InitContainer is set when the secret has no entry under
//     PKCS12Secret.Key;
//   - when no TrustStoreSecret is configured but the keystore secret carries
//     DefaultPkcs12TruststoreFile, the truststore selector (and, if unset, its
//     password selector) are filled in on opts.
//
// Any error from verifyTLSSecretConfig or saveCertMd5 is returned unchanged with
// a nil secret.
//
// NOTE(review): opts.PKCS12Secret is dereferenced without a nil check; this
// assumes callers only invoke the method when it is set. TODO confirm.
// NOTE(review): the writes to opts only persist on tls.Options if Options is a
// pointer type. Confirm against the TLSConfig declaration.
func (tls *TLSConfig) VerifyKeystoreAndTruststoreSecretConfig(client *client.Client) (*corev1.Secret, error) {
	opts := tls.Options

	keystoreSecret, err := verifyTLSSecretConfig(client, opts.PKCS12Secret.Name, tls.Namespace, opts.KeyStorePasswordSecret)
	if err != nil {
		return nil, err
	}

	if opts.RestartOnTLSSecretUpdate {
		// Presumably records a digest of the cert so a later change can trigger a
		// restart; a change marker, not an integrity control. Verify in saveCertMd5.
		if err := tls.saveCertMd5(keystoreSecret); err != nil {
			return nil, err
		}
	}

	// A secret without the PKCS12 keystore entry means the keystore has to be
	// built by an initContainer.
	if _, hasKeystore := keystoreSecret.Data[opts.PKCS12Secret.Key]; !hasKeystore {
		tls.NeedsPkcs12InitContainer = true
	}

	// An explicitly configured truststore secret is verified on its own.
	if opts.TrustStoreSecret != nil {
		// The truststore password falls back to the keystore password selector.
		truststorePassword := opts.TrustStorePasswordSecret
		if truststorePassword == nil {
			truststorePassword = opts.KeyStorePasswordSecret
		}
		// The secret returned here is discarded, so this function itself never
		// checks that TrustStoreSecret.Key is present in it.
		// NOTE(review): confirm whether verifyTLSSecretConfig covers that.
		if _, err := verifyTLSSecretConfig(client, opts.TrustStoreSecret.Name, tls.Namespace, truststorePassword); err != nil {
			return nil, err
		}
		return keystoreSecret, nil
	}

	// No truststore configured: see whether the keystore secret bundles one.
	if _, hasTruststore := keystoreSecret.Data[DefaultPkcs12TruststoreFile]; !hasTruststore {
		return keystoreSecret, nil
	}

	// Point the truststore selector at the bundled file in the keystore secret.
	opts.TrustStoreSecret = &corev1.SecretKeySelector{
		LocalObjectReference: corev1.LocalObjectReference{Name: keystoreSecret.Name},
		Key:                  DefaultPkcs12TruststoreFile,
	}
	if opts.TrustStorePasswordSecret == nil {
		opts.TrustStorePasswordSecret = opts.KeyStorePasswordSecret
	}
	return keystoreSecret, nil
}